Current Database

Attack Vectors

Reading from a file

ProstgreSQL provides two way to access local file:

COPY statement

pg_read_file() internal function (starting from PostgreSQL 8.1)

COPY:

This operator copies data between file and table. Thus in order to user it you need to enumerate
at least one table and one column to store result within.
How to enumerate tables and columns has been discussed on previous sections.

Example:

Let say you allready guess the existence of content text column in table contents belonging
to current database. You can retrieve postgres client history with the following trick: